Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bea vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-0422
Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote malicious users to access MBean attributes or cause an unspecified denial of service via unknown attack vectors.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2000-0684
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote malicious users to compile and execute Java JSP code by directly invoking the servlet on any source file.
Bea Weblogic Server 3.1.8
Bea Weblogic Server 4.5.1
Bea Weblogic Server 4.0.4
1 EDB exploit
NA
CVE-2003-1221
BEA WebLogic Express and Server 7.0 up to and including 8.1 SP 1, under certain circumstances when a request to use T3 over SSL (t3s) is made to the insecure T3 port, may use a non-SSL connection for the communication, which could allow malicious users to sniff sessions.
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2005-4705
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote malici...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2004-0652
BEA WebLogic Server and WebLogic Express 7.0 up to and including 7.0 Service Pack 4, and 8.1 up to and including 8.1 Service Pack 2, allows malicious users to obtain the username and password for booting the server by directly accessing certain internal methods.
Bea Weblogic Server 7.0.0.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-1352
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and WebLogic Server 6.1 SP7 and previous versions allow remote malicious users to cause a denial of service (memory exhaustion) via crafted non-canonicalized XML documents.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-2467
BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 displays the internal IP address of the WebLogic server in the WebLogic Server Administration Console, which allows remote authenticated administrators to determine the address.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2006-2471
Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain &...
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
NA
CVE-2007-4618
Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 and 7.0 Gold through SP7 allows remote malicious users to cause a denial of service (disk consumption) via certain malformed HTTP headers.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 6.0
NA
CVE-2005-4762
BEA WebLogic Server and WebLogic Express 8.1 SP4 and previous versions, 7.0 SP6 and previous versions, and 6.1 SP7 and previous versions sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.
Bea Weblogic Server 6.1
Bea Weblogic Server 7.0
Bea Weblogic Server 8.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »